﻿Imports Microsoft.VisualBasic
Imports System.Data.OleDb
<Serializable()>
Public Class User
    Public UserID As String
    Public CustomerID As String
    Public UserName As String
    Public EncryptedPassword As String
    Public isAdmin As Boolean
    Public SecurityQ1 As String
    Public SecurityQ2 As String
    Public SecurityA1 As String
    Public SecurityA2 As String
    Public isLocked As Boolean
    Public First As String
    Public Last As String
    Public Address1 As String
    Public Address2 As String
    Public City As String
    Public StateProvince As String
    Public PostalCode As String
    Public Country As String
    Public Phone As String
    Public Email As String
    Public isValid As Boolean = False
    Sub New(ByVal UserName As String)
        Me.UserName = UserName
        GetUserDB()
    End Sub
    Public Function Authenticate(ByVal Password As String) As Boolean
        If Not isLocked AndAlso EncryptedPassword <> String.Empty AndAlso Security.Decrypt(EncryptedPassword).Equals(Password, StringComparison.CurrentCulture) Then
            Return True
        Else
            Return False
        End If
    End Function
    Private Sub GetUserDB()
        Dim accessCon As New OleDbConnection(ConfigurationManager.ConnectionStrings("GotPinkDB").ConnectionString)
        accessCon.Open()
        Dim sql As String = "select top 1 Password, SecurityQuestion1, SecurityQuestion2, SecurityAnswer1, SecurityAnswer2, isLocked, isAdmin, " & _
            "c.* from Users u inner join Customers c on u.userid=c.userid where UserName=@UserName order by c.UserID desc"
        Dim accessCom As New OleDbCommand(sql, accessCon)
        Dim param1 As OleDbParameter = accessCom.Parameters.Add("@UserName", OleDbType.VarChar, 50)
        param1.Value = Me.UserName
        Dim dr As OleDbDataReader = accessCom.ExecuteReader()
        Try
            While (dr.Read)
                Me.EncryptedPassword = Utility.GetValidString(dr("Password"))
                Me.isAdmin = dr("isAdmin")
                Me.UserID = Utility.GetValidInt(dr("UserID"))
                Me.SecurityQ1 = Utility.GetValidString(dr("SecurityQuestion1"))
                Me.SecurityQ2 = Utility.GetValidString(dr("SecurityQuestion2"))
                Me.SecurityA1 = Utility.GetValidString(dr("SecurityAnswer1"))
                Me.SecurityA2 = Utility.GetValidString(dr("SecurityAnswer2"))
                Me.isLocked = dr("isLocked")
                'Customer Data
                Me.CustomerID = Utility.GetValidInt(dr("CustomerID"))
                Me.First = Utility.GetValidString(dr("FirstName"))
                Me.Last = Utility.GetValidString(dr("LastName"))
                Me.Address1 = Utility.GetValidString(dr("Address1"))
                Me.Address2 = Utility.GetValidString(dr("Address2"))
                Me.City = Utility.GetValidString(dr("City"))
                Me.StateProvince = Utility.GetValidString(dr("StateProvince"))
                Me.PostalCode = Utility.GetValidString(dr("PostalCode"))
                Me.Country = Utility.GetValidString(dr("Country"))
                Me.Email = Utility.GetValidString(dr("EmailAddress"))
                Me.Phone = Utility.GetValidString(dr("PhoneNumber"))
                Me.isValid = True
            End While
        Catch ex As Exception

        Finally
            dr.Close()
            accessCom.Dispose()
            accessCon.Close()
        End Try
    End Sub
    Public Sub Login()
        FormsAuthentication.SignOut()
        If Me.isValid Then
            FormsAuthentication.SetAuthCookie(Me.UserName, True)
            HttpContext.Current.Session("UserObject") = Me
        End If
    End Sub
    Public Function ChangePassword(ByVal Password As String) As Boolean
        Dim retval As Boolean = True
        Dim accessCon As New OleDbConnection(ConfigurationManager.ConnectionStrings("GotPinkDB").ConnectionString)
        Me.EncryptedPassword = Security.Encrypt(Password)
        Me.isLocked = False
        accessCon.Open()
        Dim sql As String = "Update [Users] Set isLocked=0, [Password]=@Password Where UserID=@UserID"
        Dim accessCom As New OleDbCommand(sql, accessCon)
        Dim param1 As OleDbParameter = accessCom.Parameters.Add("@Password", OleDbType.VarChar, 50)
        Dim param2 As OleDbParameter = accessCom.Parameters.Add("@UserID", OleDbType.Integer)
        param1.Value = Me.EncryptedPassword
        param2.Value = Me.UserID

        Try
            accessCom.ExecuteScalar()
        Catch ex As Exception
            retval = False
        Finally
            accessCom.Dispose()
            accessCon.Close()
        End Try
        Return retval
    End Function
    Public Function LockAccount(ByVal lock As Boolean) As Boolean
        Dim retval As Boolean = True
        Dim accessCon As New OleDbConnection(ConfigurationManager.ConnectionStrings("GotPinkDB").ConnectionString)
        Me.isLocked = lock
        accessCon.Open()
        Dim sql As String = "Update [Users] Set isLocked=@isLocked Where UserID=@UserID"
        Dim accessCom As New OleDbCommand(sql, accessCon)
        Dim param1 As OleDbParameter = accessCom.Parameters.Add("@isLocked", OleDbType.Boolean)
        Dim param2 As OleDbParameter = accessCom.Parameters.Add("@UserID", OleDbType.Integer)
        param1.Value = Me.isLocked
        param2.Value = Me.UserID

        Try
            accessCom.ExecuteScalar()
        Catch ex As Exception
            retval = False
        Finally
            accessCom.Dispose()
            accessCon.Close()
        End Try
        Return retval
    End Function
End Class
